VDB
CVE-2005-1155
CVE-2005-1155
PUBLISHED
CVSS 7.5 HIGH
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
EPSS 35.56% · 97.2th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
35.56%
97.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mozilla | firefox | 0.8, 0.9, 0.9 |
| mozilla | mozilla | 1.7, 1.7, 1.4.1 |
| n/a | n/a | n/a |
Timeline
- Apr 18, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- oval:org.mitre.oval:def:10655 vdb
- RHSA-2005:386 vendor-advisory
- 14992 third-party-advisory
- SCOSA-2005.49 vendor-advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=290036 url
- oval:org.mitre.oval:def:100021 vdb
- http://www.mikx.de/firelinking/ url
- 15495 vdb
- VU#973309 third-party-advisory
- GLSA-200504-18 vendor-advisory
- 14938 third-party-advisory
- RHSA-2005:384 vendor-advisory
- http://www.mozilla.org/security/announce/mfsa2005-37.html url
- 13216 vdb
- RHSA-2005:383 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2005-1155 advisory
- http://www.mikx.de/firelinking url